Re: [NTLK] MP2100 Virus Software

From: Paul Guyot (pguyot_at_kallisys.net)
Date: Wed May 29 2002 - 16:28:15 EDT


From: "Daniel Padilla" <daniel.padilla_at_wanadoo.es>
Date: Wed, 29 May 2002 16:01:15 +0200

> It's very, very easy to destroy *ALL* your newton data. Another
>question is why nobody has ever done such a "bad" program. Looks
>like we newton users are quite good ppl. O:-)

Well, this might be a reason. However, I think there is something else.

A virus doesn't need to simply destroy all your data. I know several
software that do that perfectly well, including one I've been working
on for nearly two years now.

A virus doesn't need to simply reboot your Newton. There are people
on this list who run software doing exactly that, and they like it.

The thing is that a virus has to infect programs to reproduce itself.
Even if you don't consider just infecting programs, it needs to
reproduce itself nevertheless.

The thing is that the Newton cannot get external code executed in
thousands of ways.
* There are packages that can be beamed or installed from a desktop
computer (but no standard tool to put them out of the Newton except
beaming). There are memory cards. You can send packages in e-mails.
In all these cases, the code isn't executed without your willing
(except when you insert a card, though).

* Another way is that you can execute NewtonScript or Waba with Newt's Cape.

I think that's all. Well, there are also NewtonScript in
DashBoard/GestureLaunch/PartialRecall/NewtDevEnv sources/QuickFigure
spreadsheets. All these aren't executed automatically.

How a form on the Newton could use these methods:

a/ it could infect Notes & the binary soup in the NotePad for NPDS
users, so Newt's Cape users when coming and visit these NPDS servers
would be infected. If someone writes this, he or she won the right to
write 10 K lines for NPDS.

b/ it could infect a package and then the package could later be
beamed/sent/moved on a card later inserted on another one, etc. I
think this is the only serious way.

I've thought of that because something like 3 or 4 years ago, I tried
to modify a package on my Newton directly. The result was that my
package soup was killed down and I lost all my data.

So the only way is to deallocate the binary (could I mention that
except the beam code in the OS, there isn't a single piece of code
that does this correctly?), modify the binary and install it (using
suck package from binary). This is doable, but not many folks have
looked into that deallocation problem.

Then, think about that: how many Newtons have you beamed to?

Of course, we could write such a virus because NewtonOS definitely
lacks this kind of software. We could write an anti-virus software as
well that "protects against 100% of the viruses" without making a
division by zero.

Paul

--
This is a virus for NewtonOS. Please copy that to your 
SimpleMail/EnRoute signature preferences. From time to time, press 
the Reset button.

-- Read the List FAQ/Etiquette: http://www.newtontalk.net/faq.html Read the Newton FAQ: http://www.guns-media.com/mirrors/newton/faq/ This is the NewtonTalk mailing list - http://www.newtontalk.net



This archive was generated by hypermail 2.1.2 : Wed Jun 12 2002 - 20:02:54 EDT